FTPd CWD Command Account Enumeration

Medium Nessus Plugin ID 10082


The remote FTP server is vulnerable to an account-enumeration attack.


It is possible to determine the existence of a user on the remote system by issuing the command CWD ~<username>.

An attacker may use this to determine the existence of accounts known to be vulnerable (like guest) or to determine which system you are running.


There is no known solution at this time.
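
One way to spot this kind of probing in FTP command logs, as an added example that is not part of the Nessus plugin: it counts how many distinct `CWD ~<username>` targets each client has requested. The `<timestamp> <client-ip> <command> <arg>` log format, the threshold of 3 and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log in an assumed "<timestamp> <client-ip> <command> <arg>" format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 USER anonymous
2024-05-01T10:00:02 203.0.113.7 CWD ~guest
2024-05-01T10:00:02 203.0.113.7 CWD ~root
2024-05-01T10:00:03 203.0.113.7 CWD ~oracle
2024-05-01T10:00:03 203.0.113.7 cwd ~guest
2024-05-01T10:05:10 198.51.100.20 USER alice
2024-05-01T10:05:12 198.51.100.20 CWD ~alice
2024-05-01T10:05:15 198.51.100.20 CWD /pub/~archive
2024-05-01T10:06:00 198.51.100.20 RETR ~notes.txt
"""

# CWD whose argument starts with "~<name>"; an optional trailing path is allowed.
# A "~" later in the path, or in another command's argument, is not matched.
TILDE_CWD = re.compile(
    r"^(\S+)\s+(\S+)\s+CWD\s+~([A-Za-z0-9._-]+)(?:/\S*)?\s*$", re.IGNORECASE
)

def tilde_probes(log_text):
    """Map client IP -> set of distinct usernames named in CWD ~<username>."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = TILDE_CWD.match(line)
        if m:
            _, client, user = m.groups()
            seen[client].add(user)
    return dict(seen)

def flag_enumeration(log_text, threshold=3):
    """Return clients that named at least `threshold` distinct accounts."""
    return {
        client: sorted(users)
        for client, users in tilde_probes(log_text).items()
        if len(users) >= threshold
    }

if __name__ == "__main__":
    for client, users in flag_enumeration(SAMPLE_LOG).items():
        print(f"{client}: CWD ~ requests for {len(users)} accounts: {', '.join(users)}")
```

A client that only changes into its own home directory stays below the threshold, so the check separates ordinary use from a sweep across many account names.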

Plugin Details

Severity: Medium

ID: 10082

File Name: ftp_check_user.nasl

Version: $Revision: 1.27 $

Type: remote

Family: FTP

Published: 1999/11/12

Modified: 2013/12/04

Dependencies: 10079, 10092

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: ftp/anonymous